Brendan Kidwell wrote:
>
> Tom Metro-16 wrote:
>> Don Levey wrote:
>>> Why are these attempts getting past the Linksys in the first place, and
>>> How are they being directed to this one machine?
>> Is the target machine running a protocol that makes outbound UDP
>> connections on random ports? DNS perhaps?
>>
>> UDP is not stateful, and once your router sets up a NAT table entry for
>> the outbound packet, it may not be restricting the source IP of the
>> replies.
>>
>> (Some VPNs take advantage of an aspect of this to accomplish NAT
>> traversal...
>>
>
> Don, can you afford to shut everything down and run the target machine with
> no outbound packets allowed for a day or so and see if the problem goes
> away? If it does, then yes as Tom suggests, some outbound pseudo-connection
> over UDP is opening up a path back in. (This was my first thought as well.)
>

Hmm... No outbound at all may be difficult, as it holds the mail server,
calendar server, and the like. However, this didn't happen before BIND
was set up on this machine, and it explains all the symptoms.

Everything except what I need to use is walled off, so I'm not as
concerned about penetration as I am about explanation. Just gives me
another excuse to work on the proper firewall unit.

Thanks!
-Don
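The following is an added example, not part of the original thread: a small model of the UDP NAT behaviour discussed above, showing how one outbound DNS query from the BIND host can leave a mapping that forwards datagrams from unrelated sources back to that host. The filtering policy names follow RFC 4787; the class, addresses, ports and timeout are constructed for illustration, and a port-preserving NAT with a single inside host is assumed.

```python
# Filtering policies, using RFC 4787 terminology.
ENDPOINT_INDEPENDENT = "endpoint-independent"          # "full cone"
ADDRESS_DEPENDENT = "address-dependent"                # "restricted cone"
ADDRESS_AND_PORT_DEPENDENT = "address-and-port-dependent"

class UdpNat:
    """Toy UDP NAT table: external port -> mapping created by outbound traffic."""

    def __init__(self, policy, timeout=30):
        self.policy = policy
        self.timeout = timeout   # constructed value: idle seconds before expiry
        self.table = {}

    def outbound(self, src, dst, now):
        """Inside host sends a datagram: create or refresh the mapping."""
        ext_port = src[1]        # assumption: port-preserving NAT, one inside host
        entry = self.table.setdefault(ext_port, {"inside": src, "peers": set()})
        entry["peers"].add(dst)
        entry["seen"] = now      # only outbound traffic refreshes the timer here
        return ext_port

    def inbound(self, remote, ext_port, now):
        """Return the inside (ip, port) the datagram reaches, or None if dropped."""
        entry = self.table.get(ext_port)
        if entry is None or now - entry["seen"] > self.timeout:
            self.table.pop(ext_port, None)
            return None
        if self.policy == ADDRESS_DEPENDENT:
            allowed = remote[0] in {ip for ip, _ in entry["peers"]}
        elif self.policy == ADDRESS_AND_PORT_DEPENDENT:
            allowed = remote in entry["peers"]
        else:                    # endpoint-independent: source is never checked
            allowed = True
        return entry["inside"] if allowed else None

def demo(policy):
    """One outbound DNS query, then inbound datagrams from several sources."""
    nat = UdpNat(policy)
    resolver = ("192.168.1.10", 40000)     # constructed: BIND's query socket
    upstream = ("198.51.100.53", 53)       # constructed: server it queried
    stranger = ("203.0.113.7", 5000)       # constructed: unrelated Internet host
    port = nat.outbound(resolver, upstream, now=0)
    return {
        "reply": nat.inbound(upstream, port, now=1),
        "stranger": nat.inbound(stranger, port, now=2),
        "same_ip_other_port": nat.inbound((upstream[0], 9999), port, now=3),
        "after_timeout": nat.inbound(upstream, port, now=100),
    }

if __name__ == "__main__":
    for p in (ENDPOINT_INDEPENDENT, ADDRESS_DEPENDENT, ADDRESS_AND_PORT_DEPENDENT):
        print(p, demo(p))
```

Only the endpoint-independent policy forwards the stranger's datagram, which matches the symptom of unsolicited UDP reaching the one machine that makes many outbound queries.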